Package details: pkg:composer/cakephp/cakephp@2.7.6
purl pkg:composer/cakephp/cakephp@2.7.6
Next non-vulnerable version 3.10.3
Latest non-vulnerable version 5.3.1
Risk 10.0
Vulnerabilities affecting this package (3)
VCID-e42e-y1zv-4yem
Aliases: CVE-2016-4793, GHSA-j8p3-8m69-2hqq
Summary: Improper Input Validation. The `clientIp` function in CakePHP allows remote attackers to spoof their IP via the `CLIENT-IP` HTTP header.
Fixed by:
- 2.7.11 (affected by 3 other vulnerabilities)
- 2.8.2 (affected by 3 other vulnerabilities)
- 3.0.17 (affected by 4 other vulnerabilities)
- 3.1.12 (affected by 3 other vulnerabilities)
- 3.2.5 (affected by 2 other vulnerabilities)

VCID-efhb-ed55-3fdy
Aliases: CVE-2020-15400, GHSA-j33j-fg2g-mcv2
Fixed by:
- 3.10.3 (affected by 0 other vulnerabilities)
- 4.0.6 (affected by 1 other vulnerability)

VCID-yq27-7v6m-5bc5
Aliases: CVE-2015-8379, GHSA-556q-h4vr-pgh2
Summary: Cross-Site Request Forgery (CSRF). CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
Fixed by:
- 3.1.5 (affected by 3 other vulnerabilities)

Vulnerabilities fixed by this package (3)
VCID-k87k-gfb3-vbab
Aliases: GMS-2015-41
Summary: Unsafe view template filenames result in a Remote File Inclusion vulnerability.

VCID-tvvp-39ps-sqab
Aliases: GHSA-p76f-wr22-4rv6, GMS-2023-70
Summary: CakePHP vulnerable to Remote File Inclusion through View template name manipulation. CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.

VCID-tyh8-9qqj-tfdt
Aliases: GMS-2015-64
Summary: PHP Remote File Inclusion. Remote File Inclusion through View template name manipulation.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T06:43:10.320649+00:00 GitLab Importer Affected by VCID-yq27-7v6m-5bc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2015-8379.yml 38.6.0
2026-06-01T05:49:12.892863+00:00 GitLab Importer Affected by VCID-efhb-ed55-3fdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2020-15400.yml 38.6.0
2026-05-31T21:34:58.090325+00:00 GHSA Importer Fixing VCID-tvvp-39ps-sqab https://github.com/advisories/GHSA-p76f-wr22-4rv6 38.6.0
2026-05-31T11:05:40.847089+00:00 GithubOSV Importer Fixing VCID-tvvp-39ps-sqab https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-p76f-wr22-4rv6/GHSA-p76f-wr22-4rv6.json 38.6.0
2026-05-31T09:37:45.396460+00:00 GitLab Importer Affected by VCID-e42e-y1zv-4yem https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2016-4793.yml 38.6.0
2026-05-30T20:59:32.466997+00:00 GitLab Importer Fixing VCID-tvvp-39ps-sqab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-70.yml 38.6.0
2026-05-30T20:52:18.384157+00:00 GitLab Importer Fixing VCID-k87k-gfb3-vbab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-41.yml 38.6.0
2026-05-30T20:52:18.302199+00:00 GitLab Importer Fixing VCID-tyh8-9qqj-tfdt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2015-64.yml 38.6.0